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Vulnerability Management Lifecycle 


Vulnerability 


Asset Inventory Management 


Do you know the type and 


Do you know what all your assets ede 
amount of open vulnerabilities? 


are and where they are? 


Threat Risk and 
Prioritization 


Patch 
Management 


Can you prioritize remediation 


How can you deploy patches to close based on threat intelligence? 


high-impact vulnerabilities? 
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WannaCry Timeline and Remediation 


EternalBlue à Fat 
Exploit emediation 


Authenticated Scan / Agent Detection 


THOUSANDS 


New Remote Detection 


Introducing (e) Qualys. 


One solution to Discover, Assess, Prioritize and Patch critical vulnerabilities 
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Asset Discovery 
Detect known and unknown assets 


Workflow to add an unmanaged 
asset as a managed asset 


Asset Inventory 


Hardware, operating system, and 
application inventory for all assets 


Asset Normalization and 
Categorization 


Normalize Inventory data by 
common attributes 


Categorize by vendor, version, type 


Renes; 
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Vulnerability Management 
Detect vulnerabilities by QID 
CVE-to-QID mapping 
CVSSv2 and CVSSv3 base scores 


Security Configuration Assessment 
CIS Benchmarks 
Security-related misconfigurations 
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Prioritization 
Using real-time threat context 
Real-world exploits 
Proof of Concepts 
Exploit categorization 
Exploit severity 


Machine Learning 


Contextual Awareness 
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Remediation 


Automatically correlate 
vulnerabilities to patches 


End-to-end User Interface 
workflows 


Fit-for-purpose visualizations 
and recommendations 


Orchestration for remediation 
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Pi 


Written in Python and TensorFlow 
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Live Exploits / Proof Of Concepts 
Historical Threat Patterns 
Historical Vulnerable Software/Vendor 


Dark Web and Social Media References 
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Qualys Insights 


| ML Model 


120K + 
Vulnerabilities 


Exploits/Threat 
Feeds 


Dark Web & 
Social Media 


Contextual Awareness 


Your Network is Unique to You 


External Facing Assets 

Business / Customer Applications 

Network Reachability / Cloud Security Groups 
Zero-Trust Networking / Micro-Segmentation 
Data Sensitivity and Data Access Governance 
Asset System Configuration 

Security Control Validation 
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Correlation 


Qualys Asset Vuln 


Security 
Controls 


SO Priority Score 


Exposure 


VMDR 
Concept Demo 


VMDR comes with much more 


Unlimited Cloud Agents Asset Categorization 
Unlimited Virtual Scanners Asset Normalization 
Unlimited Passive Sensors Configuration Assessment 


CIS Benchmarks 

Continuous Monitoring 
Vulnerability Management 

Patch Detection and CVE Correlation 


Certificate Inventory 
Cloud Inventory 
Container Inventory 
Mobile Device Inventory 


Available February 2020 
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Thank You 


Chris Carlson 
ccarlson@qualys.com 


